ahmido
2f7a521d5f
## Summary - add the full workspace/environment context browser verification audit for Spec 313 - include the surface matrix, query and clear-filter inventories, ownership map, and audit report - attach browser evidence artifacts and screenshots for the current workspace/environment context contract ## Testing - no automated tests run; this is an analysis-only spec and artifact package with no runtime changes Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #368
6.9 KiB
6.9 KiB
Code Ownership Map
| Behavior | File | Class/method/view | Pages affected | Risk | Notes |
|---|---|---|---|---|---|
| Workspace sidebar URLs | apps/platform/app/Support/Navigation/WorkspaceSidebarNavigation.php |
build() |
Operations, Provider Connections, Finding Exceptions, Reviews, Customer Reviews, Governance, Alerts, Audit | critical | Workspace builder emits clean URLs, but provider links can still regain query after page hydration/context resolution. |
| Admin panel navigation registration | apps/platform/app/Providers/Filament/AdminPanelProvider.php |
panel registration/navigation closure | All admin resources/pages | high | Registers custom workspace sidebar, environment-aware render hooks, pages, resources, and middleware. |
| Environment dashboard CTA URLs | apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php |
card/link builders | Operations, reviews, evidence, required permissions, backup, risks | critical | Dashboard CTAs mix workspace hub URLs with explicit filters and environment-owned resource URLs. |
| Environment dashboard support actions | apps/platform/app/Filament/Pages/EnvironmentDashboard.php |
support request actions | Support Requests, Environment Dashboard | medium | Support request is modal/action-only, not a list page. Not submitted in audit. |
| Context bar and clear environment scope | apps/platform/resources/views/filament/partials/context-bar.blade.php |
clear environment forms | Shell/global navigation | critical | Browser showed "Clear environment scope" available on several workspace pages even while shell text said "No environment selected". |
| Clear environment session handler | apps/platform/app/Http/Controllers/ClearEnvironmentContextController.php |
__invoke() |
Shell context and route redirects | high | Clears remembered tenant and Filament tenant, then redirects based on previous path category. |
| Shell context resolver | apps/platform/app/Support/OperateHub/OperateHubShell.php |
active tenant/scope/header actions | Operations, Finding Exceptions, Audit, evidence-like monitoring pages | critical | Combines route/query/page category/remembered tenant state. Mismatch observed when shell showed no environment but stale clear environment action remained. |
| Remembered tenant/session map | apps/platform/app/Support/Workspaces/WorkspaceContext.php |
rememberTenantContext(), lastTenantId(), clearRememberedTenantContext() |
All workspace hubs | critical | Session carrier can influence navigation/helper output after shell context appears cleared. |
| Provider connection filter behavior | apps/platform/app/Filament/Resources/ProviderConnectionResource.php |
resolveRequestedTenantExternalId(), resolveContextTenantExternalId(), table query |
Provider Connections | critical | managed_environment_id means slug/external id here. Context fallback can use remembered tenant. No browser-observed page clear. |
| Provider connection link helper | apps/platform/app/Support/ManagedEnvironmentLinks.php |
providerConnectionsUrl() |
Provider Connections | critical | Adds managed_environment_id as environment external id/slug. |
| Operations URL helper | apps/platform/app/Support/OperationRunLinks.php |
index() |
Operations and operation links | high | Adds database id managed_environment_id, tenant_scope=all, activeTab, problemClass, and nested tableFilters. |
| Operations filter hydration | apps/platform/app/Filament/Pages/Monitoring/Operations.php |
applyRequestedDashboardPrefilter(), header actions |
Operations | critical | Browser showed URL prefilter without visible environment narrowing; show-all action exists in code but was not exposed as Clear filters in tested CTA state. |
| Finding exceptions filter behavior | apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php |
state contract, mount(), clear actions |
Finding Exceptions Queue | critical | tenant query is tenant-sensitive and restorable. Clear did not remove query; reload restored filter. |
| Finding exceptions open controller | apps/platform/app/Http/Controllers/OpenFindingExceptionsQueueController.php |
redirect with tenant |
Finding Exceptions Queue | high | Environment-owned entry point to workspace queue. |
| Evidence filter behavior | apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php |
clearOverviewFilters(), table records |
Evidence Overview | medium | Best clear pattern: resets table/session/search and redirects to clean overview URL. |
| Review register filter behavior | apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php |
applyRequestedTenantPrefilter(), clearRegisterFilters() |
Reviews | high | Code applies tenant query, but tested managed_environment_id URL remained after clear; clear only removes table filters. |
| Customer review workspace filter behavior | apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php |
tenantPrefilterUrl(), applyRequestedTenantPrefilter(), clearWorkspaceFilters() |
Customer Reviews | critical | Query tenant=<slug> converted to table filter; clear removes table filters only and leaves query. Reload restores filter. |
| Governance inbox query behavior | apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php |
pageUrl(), clear environment link/view |
Governance Inbox | medium | Browser showed visible ManagedEnvironment: YPTW2 and clean clear link. |
| Decision register query/access behavior | apps/platform/app/Filament/Pages/Governance/DecisionRegister.php |
canAccess(), pageUrl() |
Decision Register | high | Clean workspace URL 403 when no visible decisions; filtered URL bypassed that path and opened. |
| Audit log filters | apps/platform/app/Filament/Pages/Monitoring/AuditLog.php |
state contract/table filters | Audit Log | medium | Workspace-wide data proof exists; persisted filter edge still needs regression guard. |
| Canonical filter/session helper | apps/platform/app/Support/Filament/CanonicalAdminTenantFilterState.php |
sync(), currentFilterValue() |
Operations, Reviews, monitoring pages | high | Session table filters can survive beyond sidebar intent. |
| Required permissions links | apps/platform/app/Support/Links/RequiredPermissionsLinks.php |
required permissions URL builder | Required Permissions | low | Environment-owned route; shell/header aligned. |
| Stored reports resource | apps/platform/app/Filament/Resources/StoredReportResource.php |
route/table/query | Stored Reports | low | Environment-scoped resource; 2 env rows exist. No workspace reports hub found. |
| Support request services | apps/platform/app/Support/SupportRequests/*, apps/platform/app/Models/SupportRequest.php |
create modal submission | Support Requests | medium | Action-only support surface. No admin index route/resource discovered. |
| System panel pages | apps/platform/app/Filament/System/Pages/* |
platform panel | System/admin platform | low | Classified as system/platform scoped and not part of admin workspace context contract. |